[Openswan dev] [Announce] Openswan 2.4.10 Released

Michael Richardson mcr at sandelman.ottawa.on.ca
Tue Nov 6 20:29:26 EST 2007

>>>>> "Jacco" == Jacco de Leeuw <jacco2 at dds.nl> writes:
    >> Most importantly, you can now use leftprotoport=17/0 to mean "any
    >> single udp port", which is required for some L2TP implementations
    >> that use a random high port but don't negotiate that port
    >> properly (eg OSX).

    Jacco> You mean rightprotoport=17/0 for Mac clients, not
    Jacco> leftprotoport=17/0?

    Jacco> IIRC leftprotoport=17/0 was for Cisco VPN 3000's and
    Jacco> non-updated Windows 2000/XP clients.

    Jacco> Also, I got "NAT-Traversal: Result using
    Jacco> draft-ietf-ipsec-nat-t-ike (MacOS X)" when connecting with
    Jacco> Vista. I had expected "RFC 3947 (NAT-Traversal)".  Probably
    Jacco> has something to do with the draft-ietf-ipsec-nat-t-ike-05
    Jacco> that was added.

  Hmm.  Yes, we found that as well when we patched things from 2.4.10
into 2.5.  I guess we should do a 2.4.11 with that patch at some point.
  It did in fact use RFC3947 method, but the string says the wrong


]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

More information about the Dev mailing list